1464 matches found
CVE-2026-1821 Microtango <= 0.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mtreservation shortcode in all versions up to, and including, 0.9.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-67855
A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting XSS vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links...
EUVD-2025-206749
A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting XSS vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links...
PT-2026-6225
Name of the Vulnerable Software and Affected Versions Crocoblock JetElements For Elementor versions through 2.7.12.2 Description A flaw exists in Crocoblock JetElements For Elementor that allows for DOM-Based Cross-site Scripting XSS. This issue arises from improper input neutralization during we...
PT-2026-5749
Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The issue stems from insufficient...
UBUNTU-CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
EUVD-2025-206306
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...
MiracleLinux 8 : python27:2.7 (AXSA:2022-3551:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3551:01 advisory. python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 python: ftplib should not use the host from the PASV response...
PT-2026-3476
Name of the Vulnerable Software and Affected Versions HotCRP version 3.1 Description HotCRP is conference review software. A flaw introduced in April 2024 in version 3.1 allows users to trigger the execution of arbitrary PHP code due to inadequately sanitized code generation for HotCRP formulas...
CVE-2025-14375 RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.10 - Reflected Cross-Site Scripting via className
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping. This makes it...
MiracleLinux 4 : gnupg2-2.0.14-9.AXS4 (AXSA:2018-3257:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-3257:01 advisory. gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification CVE-2018-12020 Tenable has...
USN-7964-1 git vulnerabilities
It was discovered that Git did not properly sanitize URLs when asking for credentials via a terminal prompt. An attacker could possibly use this issue to trick a user into disclosing their password. CVE-2024-50349 It was discovered that Git did not properly handle carriage return characters in it...
CVE-2025-67081
An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...
USN-7958-1 angular.js vulnerabilities
It was discovered that AngularJS did not properly sanitize certain xlink:href attributes. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 16.04 LTS. CVE-2019-14863 It was discovered that AngularJS incorrectly handled certain regular...
PT-2026-2926
Name of the Vulnerable Software and Affected Versions html2pdf.js versions prior to 0.14.0 Description html2pdf.js converts webpages or elements into printable PDFs client-side. When provided with a text source instead of an element, versions prior to 0.14.0 do not sufficiently sanitize the text...
PYSEC-2026-90
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...
CVE-2023-4820
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin...
CVE-2020-7602
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...
WordPress plugin Brevo for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...